Millions of Dutch affected by data leak at car companies' IT service: report

The personal data of potentially millions of Netherlands residents was available for sale online. The data was stolen from RDC, a company that provides car garages with IT services. It includes home addresses, telephone numbers, email addresses, licence plates, and dates of birth, among other things, NOS reports based on its own research. 

The broadcaster found the data for sale online and contacted the hacker offering it. According to the hacker, the set includes traceable data of at least 7.3 million people, but it is possible that the same person appears in the set more than once. RDC called 7.3 million affected people "realistic", according to NOS.

RDC offers garages services like the option of automatically emailing their clients when it is time for their APK inspection. Some of the stolen data, RDC got from the Netherlands national road transport agency RDW. Exactly how and when the data was stolen, is not yet clear. "The investigation is still in full swing. We have already reported it to the Dutch Data Protection Authority," a spokesperson for RDC said to NOS.

The data in the set is older from a year or two ago, but also includes cars that were bought ten years ago. But while car ownership may change, other personal data likely remained the same. 

"For criminals, this is super useful information," John Fokker, security researcher at McAfee, said to NOS. "Gangs of criminals who get their hands on this data can now see with one click of a button where expensive cars are." The personal data can also be interesting for online scammers, and can be used for personal attacks. At least one party leader in parliament is affected by the leak, according to the broadcaster. "You now know where they live and what car they drive," Fokker said.